Which OS feature is commonly abused by attackers for persistence, such as cron or Task Scheduler?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

Which OS feature is commonly abused by attackers for persistence, such as cron or Task Scheduler?

Explanation:
The concept being tested is persistence through automated, scheduled execution. Attackers favor features that run programs without user interaction because they can survive reboots and logins and blend in with legitimate admin automation. Scheduled tasks fit this role perfectly: they let a program or script run at a defined time, on a trigger (such as startup or logon), or on a recurring schedule. This makes them a reliable way to maintain access after the initial intrusion, since the task can operate with elevated privileges and without ongoing user activity.

On Windows, Task Scheduler can run tasks with SYSTEM or other privileged accounts and trigger them at startup, logon, or on a custom schedule. On Unix-like systems, cron serves the same purpose, scheduling commands to run automatically.

For defense, monitor for creation or modification of scheduled tasks; look for unusual run times, hidden or unsigned tasks, or commands that reach out to external resources; and enforce strict access controls and logging around task creation.

